KPS FAQ

KPS and API Gateway

This section includes frequently asked questions on KPS and API Gateway:

What is KPS used for in API Gateway?

In addition to use with your API Gateway policies, KPS is used as an option for OAuth token storage and Client Application Registry. KPS storage in Apache Cassandra is required for API Manager and API Portal.

What is KPS not suitable for?

KPS is not suitable for complicated data models, ad hoc queries, or where full ACID transaction support is required. KPS does not enforce referential integrity.

What are the transaction semantics of KPS?

Individual KPS operations are atomic (A), isolated (I), and durable (D). Consistency (C) depends on the data storage mechanism chosen and the number of API Gateways in a group.

With file storage, data is consistent in a single API Gateway. With supported database storage, data is consistent. Cassandra storage allows consistency levels to be set per KPS table. KPS does not provide transactions across multiple operations. You cannot issue a set of KPS operations and roll them back.

What is the KPS collection alias prefix for?

This provides an optional namespace for a KPS collection to help ensure that tables in the collection have a unique alias. In most cases, you can leave this prefix empty.

How do I change the API Gateway group passphrase?

To change the group passphrase, perform the following steps:

Change the group passphrase in Policy Studio. For details, see the API Gateway Administrator Guide.

In kpsadmin, select the Collection Administration, Re-encrypt All option to re-encrypt the data in each collection.

You will be asked to enter the old API Gateway passphrase. This passphrase is used to decrypt the data. The data is then re-encrypted with the current API Gateway passphrase.

Why use database storage?

Why use file storage?

Note

File-based KPS storage is deprecated and will be removed in a future release.

File storage is very easy to use. Data is written to very simple JSON encoded files. File storage is suitable for single API Gateway use in development and production. If you have more than one API Gateway sharing the files, you must restart these API Gateways after a KPS update. It is only suitable here for rarely changing, read-mostly data. For more details, see Configure file-based KPS storage.

When can you use kpsadmin? When should you use storage-specific tools?

You can use kpsadmin anytime. However, it is especially useful for development use. In production, you should also use storage-specific tools and procedures (for example, for data backup). For more details on kpsadmin, see Manage KPS using the kpsadmin tool.

Apache Cassandra

This section includes frequently asked questions on the Apache Cassandra database:

Why use Cassandra as a KPS storage option?

Cassandra is a key-value store. Cassandra has a non-restrictive Apache 2.0 license. It provides high availability, and has an active community.